RE: How to avoid parsing fields = '0'?

KenMick · 06-17-2022

This seems rather unusual but you should be able to accomplish your goal with virtual IP's.1. Ensure you have 5.5.5.5 and 6.6.6.6 bound to a WAN interface2. Create a virtual IP for each public IP to private IP3. Create firewall policy allowing traffi...

KenMick · 01-26-2022

Hi Tony,The best way to handle this is to capture the field into a temporary variable and then only set it to a permanent variable if the value is a desired value. \]\s+\[\]:<_body:gPatMesgBody>]]> Crowdstrike-FDR-Generic $_allocateVirtualMe...

KenMick · 09-03-2021

Hi John,I just ran through this on a 6.3.0 and it seems to be working perfectly. openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout /etc/pki/tls/private/tls-collector1.key -out /etc/pki/tls/certs/tls-collector1.crt chmod 640 /etc/pki/tl...

KenMick · 07-14-2021

Hi Kevin,You are correct, technically this operation could be completed in the parser by way of the collectAndSetAttrFromAnotherEvent function.Example from IronportMailParser $AnotherEvent.receiverMailAddr In your case, you would want to retriev...

KenMick · 04-22-2021

Hi Alex,There are multiple ways to purge log data from FortiSIEM.To perform this within the GUI, simply go to Admin/Settings/Retention PolicyFrom there, you can create policies to purge events by customer org.------------------------------Ken--------...

User Statistics

User Activity

RE: comunicate two host on the same vlan, on the same firewall between INTERNET

RE: How to avoid parsing fields = '0'?

RE: FortiSIEM Collector (6.3) and TLS not working

RE: Total Interface Down time

RE: FortiSIEM - Manually deleting logs

RE: How to avoid parsing fields = '0'?

RE: FortiSIEM Collector (6.3) and TLS not working

FortiSIEM

KCS